Launchpad CVE tracker

CVE 2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2013-6393 (Candidate) is related to these bugs:

Bug #1276156: CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags

		In	Importance	Status
1276156	CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags	libyaml (Ubuntu)	Medium	Fix Released
1276156	CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags	libyaml (Debian)	Unknown	Fix Released
1276156	CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags	libyaml (Ubuntu Lucid)	Medium	Won't Fix
1276156	CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags	libyaml (Ubuntu Precise)	Medium	Fix Released

Bug #1279805: regression in CVE-2013-6393 patch

		In	Importance	Status
1279805	regression in CVE-2013-6393 patch	libyaml (Ubuntu)	Critical	Fix Released
1279805	regression in CVE-2013-6393 patch	libyaml (Ubuntu Precise)	Critical	Fix Released
1279805	regression in CVE-2013-6393 patch	libyaml (Ubuntu Saucy)	Critical	Fix Released
1279805	regression in CVE-2013-6393 patch	libyaml (Ubuntu Quantal)	Critical	Fix Released
1279805	regression in CVE-2013-6393 patch	libyaml (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6393

References